Content service on demand

ABSTRACT

A method is provided and may include receiving a request for a network content delivery service from an access device; directing the access device to a network service provider for authentication for the network content delivery service; receiving a network authorization token from the access device, where the network authorization token is associated with the access device; obtaining a network access token from the network service provider; and binding the network access token to a content access token.

TECHNICAL FIELD

This disclosure relates in general to the field of content service ondemand and, more particularly, to providing network content with adifferentiated quality of service (QoS).

BACKGROUND

There is plenty of Over-The-Top (OTT) high quality video contentavailable on the Internet. The volume and initial consumer adoption isincreasing dramatically. Traditional TV content still dominates, andconsumers are used to a premium TV experience. The online transition toOver-the-Top content, or more generally, content provided by a contentservice provider that differs from the network service provider, isenabling the ability to view content anytime anywhere. Content that canbe associated with a content provider may be viewed as Over-the-Topcontent with regard to a network service provider. For example, asubscriber with a cable TV subscription may watch their cloud DVRrecordings over a mobile network using a tablet PC. However, currently,the online Over-the-Top experience relies on over-provisioned accessnetworks that may leave a lot to be desired in terms of quality observedby the end user.

BRIEF DESCRIPTION OF THE DRAWINGS

To provide a more complete understanding of the present disclosure andfeatures and advantages thereof, reference is made to the followingdescription, taken in conjunction with the accompanying figures, whereinlike reference numerals represent like parts, in which:

FIG. 1 is an example illustration of an implementation of contentservice on demand (CSoD) system in accordance with one exampleembodiment;

FIG. 2 is an example illustration of a network content service on demandarchitecture in accordance with one example embodiment;

FIG. 3 is an example illustration of a content service on demand (CSoD)flow overview in accordance with one example embodiment;

FIG. 4 is a simplified flowchart illustrating method for providingnetwork content in accordance with one example embodiment;

FIG. 5 is an example illustration of a number of messages between a userdevice, network service provider, and content service provider inaccordance with one example embodiment;

FIG. 6 is an example illustration of a number of messages for newcontent on a selected channel between a user device, network serviceprovider, and content service provider in accordance with one exampleembodiment;

FIG. 7 is an example illustration of a number of messages between a userdevice, network service provider, and content service provider inaccordance with one example embodiment;

FIG. 8 is an example illustration of a number of messages between a userdevice, home network service provider, visited network service provider,and content service provider in accordance with one example embodiment;

FIG. 9 is an example illustration of a number of messages for newcontent on a selected channel between a user device, network serviceprovider, and content service provider in accordance with one exampleembodiment;

FIGS. 10A and 10B are example illustrations of a number of messagesduring a service on demand session initiation in accordance with oneexample embodiment;

FIG. 11 is an example illustration of a number of messages during aservice on demand session Internet streamer switchover in accordancewith one example embodiment; and

FIG. 12 is an example illustration of a number of messages during aservice on demand session termination in accordance with one exampleembodiment.

DETAILED DESCRIPTION OF EXAMPLE EMBODIMENTS Overview

A method is provided and may include receiving a request for a networkcontent delivery service from an access device. The term ‘networkcontent delivery service’ includes any type of activity associated withvideo propagation in any type of network (e.g., adaptive bit rateprotocols, streaming protocols, subscription models involving cablecompanies, video providers (e.g., Amazon™, Netflix™, etc.)). The networkcontent delivery service can include any type of service (e.g., providedin the network or provided to the access device) being requested. Themethod also includes directing the access device to a network serviceprovider (i.e., any entity involved in the network service) forauthentication for the network content delivery service. ‘Directing’ insuch a context can include, but is not limited to, routing packets,sending a message to the access device, coordinating or otherwisemanaging the session for the access device, etc. The method alsoincludes receiving a network authorization token (e.g., any type ofidentifier, symbol, label, key, etc.) from the access device, where thenetwork authorization token can be associated with the access device.The method can also include obtaining (e.g., receiving, identifying,looking up, etc.) a network access token from the network serviceprovider and binding (e.g., associating, correlating, analyzing, etc.)the network access token to a content access token.

Example Embodiments

FIG. 1 is a simplified block diagram of an implementation of a contentservice on demand (CSoD) system in accordance with one exampleembodiment. As shown, CSoD system 100 includes an access device 102, anetwork service provider 104, and a content service provider console106. Network service provider 104 can be associated with (i.e., locatedwithin) a network service provider network 108-1 and content serviceprovider console 106 can be associated with (i.e., located within) acontent network to be managed by any suitable entity (e.g., Hulu™,Netflix™, Cable Operators, Amazon™, etc.) that seeks to deliver and/ormanage video delivery in any manner.

Access device 102 may be configured to facilitate access by a user 110to network content 112 associated with (e.g., provided by) contentservice provider console 106. To this end, access device 102 maycommunicate with content service provider console 106 by way of networkservice provider network 108-1 and content network 108-2. Access device102 may be implemented by any suitable access device, such as a mobileor wireless device (e.g., a mobile phone and/or a tablet computer), apersonal computer, a set-top box device, a digital video recorder(“DVR”) device, a personal-digital assistant device, a gaming device, atelevision device, and/or any other suitable computing device configuredto access network content 112.

As used herein, “network content” refers to any data, service, orcontent (e.g., Internet content) that may be accessed by way of anetwork. For example, network content 112 may include, but is notlimited to, a website, a network-based application (e.g., an applicationconfigured to be executed by a mobile device), a network-based service(e.g., an email service, a global positioning service (“GPS”) service, anavigation service, etc.), gaming content, advertisement content (e.g.,web-based advertisements, banner advertisements, pop-up advertisements,etc.), media content (e.g., video and/or audio content), and/or anyother type of content accessible by way of a network as may serve aparticular implementation.

As used herein, a “network service provider” may include any entityconfigured to provide one or more network access services (e.g.,wireless data access services) to a user (e.g., a subscriber). Forexample, a network service provider may include, but is not limited to,a wireless carrier, a wireless network provider, an Internet networkservice provider, a subscriber television network service provider,and/or any other type of provider of network access services as mayserve a particular implementation.

As used herein, a “content service provider” may include any entity orperson associated with network content 112 other than a network serviceprovider. For example, a content service provider may include, but isnot limited to, a website owner, an application developer, anapplication provider, an advertisement provider, a media provider, anentity (i.e., a third party entity) other than the entity that actuallyprovides and/or maintains network content 112, etc.

Network service provider network 108-1 may be configured to provide oneor more network access services (e.g., wireless data access services) toaccess device 102. For example, network service provider 104 may beconfigured to manage (e.g., track, allow, disallow, route, etc.) networktraffic (i.e., data) that flows through network service provider network108-1. To this end, network service provider network 108-1 may beimplemented by one or more gateways, routers, servers (e.g., DNS serversand/or billing management servers), and/or other network components asmay serve a particular implementation. Network service provider 104 mayalso provide a differentiated quality of service (QoS). DifferentiatedQoS may include a guaranteed bit rate (GBR) bandwidth and non-GBR toaccess device 102. Adaptive bit rate (ABR) technology may be used todeliver network content 112. However, network service provider 104 mayapply a QoS treatment to support a quality experience.

Content service provider console 106 may be associated with any suitabledevice and/or content network and may be configured to provide networkcontent 112 that may be accessed by access device 102. Content network108-2 may be implemented by any combination of computing devices (e.g.,servers) as may serve a particular implementation. A user (e.g.,subscriber) may access network content 112, such as video content,through content service provider console 106.

Access device 102, network service provider 104, and content serviceprovider console 106 may communicate with one another using any suitablecommunication technologies, devices, media, and protocols supportive ofdata communications, including, but not limited to, socket connections,Ethernet, data bus technologies, data transmission media, communicationsdevices, Transmission Control Protocol (“TCP”), Internet Protocol(“IP”), File Transfer Protocol (“FTP”), Telnet, Hypertext TransferProtocol (“HTTP”), Hypertext Transfer Protocol Secure (“HTTPS”), SessionInitiation Protocol (“SIP”), Simple Object Access Protocol (“SOAP”),Extensible Mark-up Language (“XML”) and variations thereof, Simple MailTransfer Protocol (“SMTP”), Real-Time Transport Protocol (“RTP”), UserDatagram Protocol (“UDP”), Global System for Mobile Communications(“GSM”) technologies, Code Division Multiple Access (“CDMA”)technologies, Evolution Data Optimized Protocol (“EVDO”), 4G Long TermEvolution (“LTE”), WiMax, Time Division Multiple Access (“TDMA”)technologies, Short Message Service (“SMS”), Multimedia Message Service(“MMS”), radio frequency (“RF”) signaling technologies, wirelesscommunication technologies (e.g., Bluetooth, Wi-Fi, etc.), in-band andout-of-band signaling technologies, and other suitable communicationstechnologies.

As shown, access device 102, network service provider 104, and contentservice provider console 106 may communicate by way of network serviceprovider network 108-1 and content network 108-2. Network serviceprovider network 108-1 may include any provider-specific network (e.g.,a wireless carrier network or a mobile telephone network). Contentnetwork 108-2 may include a content service provider-specific network,the Internet, or any other suitable network associated with contentservice provider console 106. Data may flow between network serviceprovider network 108-1 and content network 108-2 using any suitablecommunication technologies, devices, media, and protocols as may serve aparticular implementation.

While two interconnected networks 108-1 and 108-2 (collectively“networks 108”) are shown in FIG. 1, it will be recognized that networks108-1 and 108-2 may be combined into a single network 108 in accordancewith the methods and systems described herein. Likewise, it will berecognized that access device 102 may access network content 112 by wayof more than two interconnected networks in accordance with the methodsand systems described herein as may serve a particular implementation.

FIG. 2 is a simplified illustration of a network content service ondemand architecture in accordance with one example embodiment.Architecture 200 may include user 110, network service provider 104, andcontent service provider console 106, which may further include aprocessor 225 and a memory element 227. User 110 may use access device102 to access to network service provider 104. Network service provider104 may include a policy server 206, a content delivery network 208, atleast one access network 210, a network resource 211, a networkauthorization token 213, and a network access token 215. Contentdelivery network 208 may include an Internet streamer 212, a servicerouter 214, and a web server 216. Content service provider console 106may include network content 112, a content access token 218, and acontent authorization token 220.

User 110 (also referred to as an end user) has access to various accessdevices, such as access device 102, and may be able to access networkcontent 112 hosted on the Internet through the use of access device 102.Network content 112 may be of varying qualities and may be delivered tomultiple users over mobile and wired networks. Access device 102 mayalso be referred to as client devices and may include, but not limitedto, TV/DVD devices, personal computers, tablets (iPads™, Surfaces™,etc.), laptops, smartphones (e.g., iPhones™, Google Droids™, etc.),Ultrabooks™, etc.

Content service provider console 106 may provide network content 112 touser 110 and other users through access devices. An example of a contentservice provider may be, but not limited to, an application serviceprovider, which may provide applications to access devices. Anotherexample may be a movie streaming service, which may provide movies toaccess devices. The CSoD architecture depicts the cloud-based servicesprovided by content service provider console 106, network serviceprovider 104 with one or more access networks, and user 110 withmultiple types of devices that have both wired and wirelessconnectivity.

Content service provider console 106 may use access and authorizationtokens along with network service provider 104 to grant access tonetwork content 112 and network resource 211. Content service providerconsole 106 may be configured to generate content access token 218 andcontent authorization token 220.

An access or authorization token may grant access to an object, file,resource, login session, etc. to the holder of the access orauthorization token. Content access token 218 may grant access tonetwork content 112. Content authorization token 220 may provide thecredentials for obtaining content access token 218. In an embodiment,only content authorization token 220 and network authorization token 213may be exposed to access device 102. In one or more embodiments, networkaccess token 215 and content access token 218 may not be exposed toaccess device 102. However, it other embodiments, it may be possible forany configuration of tokens to be exposed to access device 102.Additionally, in one or more embodiments, network access token 215 maybe bound to content access token 218. In an embodiment, binding may be alogical association between the tokens. Binding may be implemented byencapsulating one token within another token or by a protocol semanticsfor associating two fields in a message or any other way to logicallyassociate the two tokens carrying the information needed for authorizingresources. In other embodiments, tokens may be bound together byincluding one token within another token, or one token may containanother token. In further embodiments, tokens may be bound in otherways, such as, for example, referencing each other.

Network service provider 104 may be configured to generate networkauthorization token 213 and network access token 215. Theses tokens mayalso be referred to as channel authorization token and channel accesstoken, respectively. These tokens may also be referred to as deviceauthorization token and device access token, respectively. Networkauthorization token 213 provide the credentials for obtaining networkaccess token 215. Network access token 215 may grant access to networkresource 211.

Content service provider console 106 may pay network service provider104 for delivering network content 112, with a better QoS, to user 110.In turn, network service provider 104 may pay content service providerconsole 106 for providing network content 112.

Network service provider 104 may include content delivery network (CDN)208 and access network 210. Access network 210 may be part of atelecommunications network that connects access device 102 of user 110(i.e., subscriber) to network service provider 104. Access network 210may include and be able to allocate a network resource 211. One exampleof network resource 211 may be, but not limited to, bandwidth. Forexample, access network 210 may allocate a guaranteed amount ofbandwidth for delivery of network content 112.

Content delivery network 208 may be a large distributed system ofservers deployed in multiple data centers in the Internet. An objectiveof CDN 208 is to serve content to user 110 with high availability andhigh performance. CDNs currently serve a large fraction of the Internetcontent, including web objects (text, graphics, URLs and scripts),downloadable objects (media files, software, documents), applications(e-commerce, portals), live streaming media, on-demand streaming media,and social networks.

CDN 208 may include Internet streamer 212, service router 214, and webserver 216. Internet streamer 212 may handle network content 112streaming and download to access device 102 of user 110. Service router214 may mediate requests from access device 102. Service router 214 mayselect an Internet streamer based on location and load conditions. Webserver 216 may control uniform resource locators (URLs) for delivery ofnetwork content 112. In an embodiment, CDN 208 may provide numerousbenefits for cacheable content: reduced delivery cost, improved qualityof experience for user 110, and increased robustness of delivery.

One or more embodiments of this disclosure provides for collaborationbetween content service provider console 106 and network serviceprovider 104 using a content service on demand (e.g., video service ondemand (VSOD)). This arrangement allows a single service provider toparticipate as both a content service provider and a network serviceprovider. This arrangement allows a content service provider to reachits subscribers via other network service providers without having tobuild out more access network infrastructure. In addition, the networkservice providers can serve other content service providers and leverageits own access network to monetize this established resource.

An embodiment of this disclosure enables Internet-level scalability forresource sharing (i.e., NSP's network and CSP's content). The revenuefrom user 110 may be shared between content service provider console 106and network service provider 104 as the service providers collaborate tosatisfy the demands of the customer that wants access to unlimitedcontent with premium delivery

User 110 may have the availability of applications and content at theInternet level (i.e. not limited to SP's wall garden), reachable overmany media (e.g. cable, Wi-Fi, 3G/4G) with quality delivery, andenjoying the high-resolution possible on different access devices.

One or more embodiments of this disclosure may provide dynamicauthentication, authorization and service level agreement exchangebetween service providers (e.g., using Open Authorization). Theembodiments may also provide for policy linkage between a networkresource (e.g., bandwidth) and a content resource (e.g., network content112) by use of simple Internet technologies rather than elaborate policyserver peering infrastructure. Additionally, the embodiments may providequality of service (QoS) enforcement for the OTT data path at a sessionlevel, avoiding scalability issues with flow level.

An example embodiment may be a service for OTT Video on Demand withquality delivery. User 110 may browse the Internet and encounters videocontent that user 110 wants to watch from content service providerconsole 106. User 110 may choose the VSoD service provided by networkservice provider 104 for quality delivery. After authorization bynetwork service provider 104, user 110 may play the video with accessdevice 102. Network service provider 104 may provide sufficientbandwidth at a steady rate to achieve high quality viewing experience.

In one or more embodiments of this disclosure, network service provider104 and application service providers/content service provider console106 have business relationships and set up the SoD APIs based onindustry standard, open authorization (OAuth). In different embodiments,other authorization standards may be used alone or in combination withOAuth (e.g., OpenID). This resource sharing technology is scalable forthe Internet-wide services and readily available in commercial webservices.

In one or more embodiments of this disclosure, CSoD APIs may be used tovalidate the consumption of resources (e.g. bandwidth of network serviceprovider 104 and video content of content service provider console 106).The identifiers used to obtain resources can be logged for billingpurpose. In one or more embodiments of this disclosure, the OAuthtechnique is enhanced to link network service provider 104 andapplication service providers/content service provider console 106resources to ensure quality delivery for data path of application/videocontent. In one or more embodiments of this disclosure, content deliverynetwork 208 delivers network content 112 at the traffic rate of aparticular ABR profile quality level (to replicate a constant bit rateas used in current network service provider channels). The packets,which make up network content 112, are marked for preferentialtreatment. The session for delivering network content 112 is maintainedbased on the network access token. The session may consist of multipletransmission control protocol (TCP) sessions and remains constant evenwhen the TCP session changes, Internet streamer 212 switches over,network content 112 changes, etc. If access device 102 conditionsdictate use of a lower ABR profile (e.g. due to CPU constraints), theaccess device 102 can lower the ABR profile.

In one or more embodiments of this disclosure, access network 210 (e.g.Data Over Cable Service Interface Specification (DOCSIS), LTE) has abearer for the aggregate bandwidth (flow filters may not be needed). Thedownstream packets are associated with the right bearer based on the IPaddress and differentiated services code point (DSCP) marking.Differentiated services may be a computer networking architecture thatspecifies a simple, scalable and coarse-grained mechanism forclassifying and managing network traffic and providing quality ofservice (QoS) on modern IP networks. DSCP can, for example, be used toprovide low-latency to critical network traffic such as voice orstreaming media while providing simple best-effort service tonon-critical services such as web traffic or file transfers.

Network service provider 104 and content service provider console 106may use Internet Engineering Task Force (IETF) standard protocols toshare and link resources (e.g., bandwidth, devices, network content).Network service provider 104 and content service provider console 106may also use access tokens associated with access device 102 for billingpurposes.

One or more embodiments of this disclosure may recognize and take intoaccount that adaptive bit rate technology can adjust the data streamprofile of network content 112 to available bandwidth, however theresulting video quality may be less than desired. This is challengingfor the network service provider to maintain the growth in terms of thecost and complexity to obtain the content rights and to build upinfrastructure for storing and maintaining the content. However, thenetwork service provider can provide high quality delivery for networkcontent 112 that is available to its users. The quality of experience isexcellent in this case for the user. But it's not the same experiencewhen the user is watching video that is available on the Internet orotherwise delivered as OTT content. The viewing experience may be poorbecause the following can happen during the period: buffering,pixelation, pauses, and resolution degradation.

One or more embodiments of this disclosure may recognize and take intoaccount that there is also a lack of a framework to provide servicelevel agreements and enforcements for network content 112, such as, forexample, video services, across network service providers. For example,many users may desire to view their online TV show while travelling, butare unable to do so, since there is no capability in the network todayto authorize, exchange agreements, and dynamically set policyenforcements along the path. Currently, the “theoretical” solution forsuch problems has been based on policy server peering with anapplication function (e.g. video server) to facilitate the installationof the policies in the visited (access) network. While policy servershave seen some deployments within existing access networks (incl.mobile), policy server peering has failed to generate traction. Reasonsfor this include overall complexity, need for policy serverinfrastructure in both networks, and reliance on a common standardizedyet extensive policy server peering architecture and associatedprotocol(s), e.g. as defined by 3GPP (TS 23.203, 29.215 etc.). One ormore embodiments of this disclosure may address the issues by combiningthe availability of OTT content with delivery quality of the networkservice provider to achieve the most desirable combination while relyingon simple and adopted standards that are currently in wide use on theInternet. These embodiments may also open up new business models, whichnow allow network service providers to tap into a large ecosystem ofservices, and add value to the services.

The OAuth implementation is highly scalable and well suited for the openlevel of interoperability between Internet services. Using thistechnique leverages the built-in security. Though it is used fordelegated service authorization, the idea to link the NSP's and CSP'sresources enables a model where coupled resources can be used forauthorization and billing to differentiate their roles in the servicedelivery to the subscriber. The binding allows the policy to beassociated appropriately. There may be content-related policy such aslocations that are restricted from delivery. There may benetwork-related policy such as subscriber's bandwidth limitation. Thepolicies associated with the resources are passed along during theresource acquisition procedure.

The delivery of the content is using available features such as trafficpacing and DSCP marking. There may be some additional logic to set theright rate to maintain a steady rate for ABR traffic. By puttingeverything together with a few enhancements, the solution enables theend user to choose content right off the Internet and “stick it” intothe “right pipe”. The end user does not need to be a subscriber of everyaccess network that delivers the content. The business and technicalrelationships are set up between the NSPs and CSPs.

VSoD CDN is aware of the content that is delivered to the end user.Since it's aware of the bandwidth resource needed by the content,there's no need for flow filters in the network (e.g. because the accessnetwork is provisioned with a certain amount of bandwidth for the user'sVSOD traffic, which is DSCP-marked by the CDN). This reduces the amountof states and signaling load in the network. Even when the flow endpointchanges, the enforcement in the network remains the same as it is stillfor the same amount of GBR bandwidth or better QoS for non-GBRbandwidth.

FIG. 3 is a simplified illustration of a content service on demand(CSoD) flow overview in accordance with one example embodiment. Overview300 may include a user 110, network service provider 104, and contentservice provider console 106. Content service provider console 106 mayinclude multiple content service providers 106-1 . . . 106-N thatparticipate in CSoD with network service provider 104. Network serviceprovider 104 and content service provider console 106 may establish APIsfor communicating with each other.

In message 302, user 110 may enable the CSoD service provided by networkservice provider 104. In message 304, policy server 206 of networkservice provider 104 may issue network access token to content serviceprovider console 106 for access to network resources. In message 303,user 110 may select network content to access. User 110 may performthese actions through an access device. In message, 306, content serviceprovider console 106 may issue a content access token to contentdelivery network 208 for access to the network content. In traffic flow308, content delivery network 208 may use the access token to obtain thenetwork content. In message 310, content delivery network 208 maycommunicate with policy server 206 to trigger provisioning of accessnetwork 210 with the network resource.

In message 312, policy server 206 may provision access network 210 withthe network resource. For example, in one embodiment, policy server 206may provision access network 210 with GBR bandwidth for network contenttraffic (i.e., CSoD traffic for user 110). In provisioning accessnetwork 210, policy server 206 may provision a provider edge router (PE)314. PE router 314 is an access network router between a network serviceprovider and the users/devices served by the provider. The networkcontent may flow through access network 210 and reach a customer premiseequipment (CPE) 316. CPE 316 is a router located on the premises of user110 that provides an Ethernet interface between the local area networkof user 110 and a core network of network service provider 104.

In traffic flow 318, content delivery network 208 may provide networkcontent to user 110 through PE 314, access network 210, and CPE 316.Traffic flow 318 may be marked for GBR bandwidth in the uplink anddownlink directions. In traffic flow 320, content service providerconsole 106 may communicate with user 110 through PE 314, access network210, and CPE 316. Traffic flow 320 may not be marked GBR bandwidth inthe uplink and downlink directions.

FIG. 4 is a simplified flowchart illustrating method for providingnetwork content in accordance with one example embodiment. A flow 400may begin at step 402, network service provider and content serviceproviders set up an authorization protocol. For example, they may set upOAuth APIs. The OAuth APIs enable the service providers to share andauthorize network resources and content resources. The network resourcesmay be, for example, bandwidth. The content resources may be, forexample, video content, gaming content, application content, or anyother type of network content.

At step 404, a content service provider receives a selection from anaccess device for CSoD service. A network service provider may providethe CSoD service. The content service provider may redirect the accessdevice to a website of the network service provider for CSoDauthorization. At step 406, the access device authenticates with thenetwork service provider. Here, the network service provider authorizesCSoD service to be used for watching network content from the contentservice provider. The network service provider provides the accessdevice a network authorization token for the network resource (e.g.,bandwidth). The network authorization token may be a one-time use token.The network service provider may direct the access device back to thecontent service provider after authorization.

At step 408, the content service provider obtains the network resourceauthorization from the network service provider. In this step, thecontent service provider may exchange the network authorization tokenwith an access token for network resource from network service provider.The token exchange may use an authorization standard, such as, forexample, OAuth. At step 410, the content service provider associates thenetwork access token with the access device. In different embodiments,the access token may be associated with the network resource (i.e.,channel).

At step 412, a content service provider receives a selection from anaccess device for network content. At 414, the content service providerprovides the access device a content authorization token for the networkcontent. The content authorization token may be a one-time use token.The content service provider may redirect the access device to a contentdelivery network of the network service provider. At step 416, anInternet streamer in the content delivery network contacts the contentservice provider and exchanges the content authorization token for acontent access token. The token exchange may use an authorizationstandard, such as, for example, OAuth. The content access token may alsobe bound with the network access token (from step 408), a contentprofile, as well as a content acquisition and delivery policy (e.g.location restriction) of the content service provider. The contentprofile may contain information about the content, such as, for example,the bit rate and content metadata. Content metadata may include, forexample, the genre of the content, cast of a video content, rating, andother suitable metadata. Based on the received information (tokens,content profiles, policies, etc.), the network service provider mayidentify that the network content should be delivered at a specific rateusing the authorized network resource for the access device. In otherwords, the network content is bound to the network resource.

At step 418, the network service provider provisions the access networkwith the network resource (e.g., the bandwidth needed for contentdelivery). Content classification in the access network may be based onthe IP address or TCP/UDP port of the access device (i.e., accountingfor network address translations as well as multiple and changing packetflows for the network content). Provisioning may involve mapping trafficto a specific bearer (e.g., an evolved packet switched system (EPS)bearer for long term evolution (LTE) technology). A particular DSCP maybe dedicated to the CSoD service and rely on the CDN to mark all“quality-enabled” traffic with the correct DSCP. At step 420, theInternet streamer acquires the network content from the content serviceprovider using the content access token. At step 422, the Internetstreamer delivers the network content by pacing network traffic at thetraffic profile and marking DSCP. The access network enforces the datapath based on the DSCP marking (i.e., no signaling to access network foradditional flows or when flows change). For billing purpose, the networkservice provider may provide the content access token associated withthe network access token to the content service provider (and viceversa) to prove that content used premium delivery.

FIG. 5 is a simplified illustration of a number of messages between auser device, network service provider, and content service provider inaccordance with one example embodiment. Access device 102 may beconnected to network service provider 104 and a content service providerconsole 106, similarly as in FIG. 1. In message 502, access device 102may navigate a portal for content network service provider 104 through,for example, the Internet, and select service on demand. In response tothe selection, in message 504, content service provider console 106redirects access device 102 to network service provider 104 forauthentication and authorization.

Network service provider 104 may authenticate access device 102 andauthorize the service on demand, assigns a channel (bandwidth) selectedby access device 102, and generates a network authorization token. Thechannel may be, for example, a high definition channel, standarddefinition channel, or some other suitable type of channel. In message506, network service provider 104 redirects access device 102 to contentservice provider console 106 with the network authorization token forthe selected channel.

In message 508, content service provider console 106 may request anetwork access token using the network authorization token. In message510, network service provider 104 may provide the network access tokenfor the selected channel. In message 512, access device 102 may navigatea portal of content service provider console 106 and select networkcontent to receive through the selected channel. Content serviceprovider console 106 may generate a content authorization token linkedto the network access token, thereby combining the resources. Therefore,using the network content may require the selected channel. In message514, content service provider console 106 may redirect access device 102to network service provider 104 with the content authorization token forthe network content. In message 516, network service provider 104 mayrequest a content access token using the content authorization token.

In message 518, content service provider console 106 may provide thecontent access token for the network content. The content access tokenmay also be bound to the network access token to access the selectedchannel. Network service provider 104 may validate the network accesstoken, obtained from the content access token, to allow use of theselected channel. In message 520, network service provider 104 mayrequest the network content using the content access token. Contentservice provider console 106 may validate the content access token toallow delivery of the network content. In message 522, content serviceprovider console 106 delivers the network content to network serviceprovider 104. If the network content is already in a cache of networkservice provider 104, then network service provider 104 only checks tosee if that the network content is not stale and messages 520 and 522may not occur.

Network service provider 104 may associate the selected channel,referenced by the network access token, with the network content.Network service provider 104 may also set the delivery rate for theselected channel in a content delivery network and provision thebandwidth for the selected channel in an access network. In message 524,network service provider 104 may redirect access device 102 to the cachewith the network content. In message 526, network service provider 104may deliver the network content at the selected rate with a trusteddifferentiated services code point marking on guaranteed bit ratebandwidth reserved for access device 102.

Additionally, if access device 102 uses network service provider 104 toaccess a second network content using a second content service provideron a second channel, then access device 102 may go through the samesteps as shown in this FIGURE again, but with the second content serviceprovider and a second channel. If access device 102 uses a secondcontent service provider but the same channel to access a second networkcontent, then access device 102 may go through the same steps as shownin FIG. 5 again, but with a second content service provider.

FIG. 6 is a simplified illustration of a number of messages for newcontent on the selected channel between a user device, network serviceprovider, and content service provider in accordance with one exampleembodiment. Access device 102 may be connected to network serviceprovider 104 and a content service provider console 106, similarly as inFIG. 1. In FIG. 6, access device 102 may have already accessed networkcontent through network service provider 104 and content serviceprovider console 106, and is attempting to access a second networkcontent from content service provider console 106.

In message 602, access device 102 may navigate a portal of contentservice provider console 106 and select a second network content toreceive through the selected channel. Content service provider console106 may generate a second content authorization token linked to thenetwork access token, thereby combining the resources. Therefore, usingthe network content may require the selected channel. In message 604,content service provider console 106 may redirect access device 102 tonetwork service provider 104 with the second content authorization tokenfor the second network content. In message 606, network service provider104 may request a second content access token using the second contentauthorization token.

In message 608, content service provider console 106 may provide thesecond content access token for the second network content. The secondcontent access token may also be bound to the network access token toaccess the selected channel. Network service provider 104 may validatethe network access token, obtained from the second content access token,to allow use of the selected channel. In message 610, network serviceprovider 104 may request the second network content using the secondcontent access token. Content service provider console 106 may validatethe second content access token to allow delivery of the second networkcontent. In message 612, content service provider console 106 deliversthe second network content to network service provider 104. If thesecond network content is already in a cache of network service provider104, then network service provider 104 only checks to see if that thesecond network content is not stale and messages 610 and 612 may notoccur.

Network service provider 104 may associate the selected channel,referenced by the network access token, with the second network content.Network service provider 104 may also set the delivery rate for theselected channel in a content delivery network and provision thebandwidth for the selected channel in an access network. In message 614,network service provider 104 may redirect access device 102 to the cachewith the second network content. In message 616, network serviceprovider 104 may deliver the second network content at the selected ratewith a trusted differentiated services code point marking on guaranteedbit rate bandwidth reserved for access device 102.

FIG. 7 is a simplified illustration of a number of messages between auser device, network service provider, and content service provider inaccordance with one example embodiment. Access device 102 may beconnected to network service provider 104 and a content service providerconsole 106, similarly as in FIG. 1. In message 702, access device 102may navigate a portal for content network service provider 104 through,for example, the Internet, and select service on demand. In response tothe selection, in message 704, content service provider console 106redirects access device 102 to network service provider 104 forauthentication and authorization.

Network service provider 104 may authenticate access device 102 andauthorize the service on demand, assigns a channel selected by accessdevice 102, and generates a network authorization token. The channel maybe, for example, a high definition channel, standard definition channel,or some other suitable type of channel. In message 706, network serviceprovider 104 redirects access device 102 to content service providerconsole 106 with the network authorization token for the selectedchannel. In message 708, content service provider console 106 mayrequest a network access token using the network authorization token. Inmessage 710, network service provider 104 may provide the network accesstoken for the selected channel. In message 712, access device 102 maynavigate a portal of content service provider console 106 and selectnetwork content to receive through the selected channel. Content serviceprovider console 106 may generate a content authorization token linkedto the network access token, thereby combining the resources. Therefore,using the network content may require the selected channel.

In message 714, content service provider console 106 may redirect accessdevice 102 to network service provider 104 with the contentauthorization token for the network content. In message 716, networkservice provider 104 may request a content access token using thecontent authorization token. In message 718, content service providerconsole 106 may provide the content access token for the networkcontent. The content access token may also contain the network accesstoken to access the selected channel. Network service provider 104 mayvalidate the network access token, obtained from the content accesstoken, to allow use of the selected channel.

In message 720, network service provider 104 may request the networkcontent using the content access token. Content service provider console106 may validate the content access token to allow delivery of thenetwork content. In message 722, content service provider console 106delivers the network content to network service provider 104. If thenetwork content is already in a cache of network service provider 104,then network service provider 104 only checks to see if that the networkcontent is not stale and messages 720 and 722 may not occur. Networkservice provider 104 may associate the selected channel, referenced bythe network access token, with the network content. Network serviceprovider 104 may also set the delivery rate for the selected channel ina content delivery network and provision the bandwidth for the selectedchannel in an access network. In message 724, network service provider104 may redirect access device 102 to the cache with the networkcontent. In message 726, network service provider 104 may deliver thenetwork content at the selected rate with a trusted differentiatedservices code point marking on guaranteed bit rate bandwidth reservedfor access device 102.

FIG. 8 is a simplified illustration of a number of messages between auser device, home network service provider, visited network serviceprovider, and content service provider in accordance with one exampleembodiment. Access device 102 may be connected to home network serviceprovider 104-1, visited network service provider 104-2, and a contentservice provider console 106, similarly as in FIG. 1 except home networkservice provider 104-1 and visited network service provider 104-2 may beshown together as network service provider 104. Home network serviceprovider 104-1 and visited network service provider 104-2 may bedifferent administrative domains.

In message 802, access device 102 may navigate a portal for contentnetwork service provider 104 through, for example, the Internet, andselect content service on demand. In response to the selection, inmessage 804, content service provider console 106 redirects accessdevice 102 to network service provider 104 for authentication andauthorization.

Network service provider 104 may authenticate access device 102 andauthorize the service on demand, assigns a channel selected by accessdevice 102, and generates a network authorization token. The channel maybe, for example, a high definition channel, standard definition channel,or some other suitable type of channel. In message 806, network serviceprovider 104 redirects access device 102 to content service providerconsole 106 with the network authorization token for the selectedchannel.

In message 808, content service provider console 106 may request anetwork access token from visited network service provider 104-2 usingthe network authorization token. In message 810, visited network serviceprovider 104-2 may request the network access token from home networkservice provider 104-1 using the network authorization token. In message812, network service provider 104 may provide the network access tokento visited network service provider 104-2 for the selected channel.Visited network service provider 104-2 may authorize the service ondemand, assign a channel selected by access device 102, and generates anetwork authorization token linked to the network authorization token.

In message 814, access device 102 may navigate a portal of contentservice provider console 106 and select network content to receivethrough the selected channel. Content service provider console 106 maygenerate a content authorization token linked to the network accesstoken, thereby combining the resources. Therefore, using the networkcontent may require the selected channel. In message 816, contentservice provider console 106 may redirect access device 102 to visitednetwork service provider 104-2 with the content authorization token forthe network content. In message 818, visited network service provider104-2 may request a content access token using the content authorizationtoken.

In message 820, content service provider console 106 may provide thecontent access token for the network content to visited network serviceprovider 104-2. The content access token may also contain the networkaccess token to access the selected channel. Network service provider104 may validate the network access token, obtained from the contentaccess token, to allow use of the selected channel.

In message 822, visited network service provider 104-2 may request thenetwork content using the content access token. Content service providerconsole 106 may validate the content access token to allow delivery ofthe network content. In message 824, content service provider console106 delivers the network content to visited network service provider104-2. If the network content is already in a cache of visited networkservice provider 104-2, then visited network service provider 104-2 mayonly check to see if that the network content is not stale and messages822 and 824 may not occur.

Visited network service provider 104-2 may associate the selectedchannel, referenced by the network access token, with the networkcontent. Visited network service provider 104-2 may also set thedelivery rate for the selected channel in a content delivery network andprovision the bandwidth for the selected channel in an access network.In message 826, visited network service provider 104-2 may redirectaccess device 102 to the cache with the network content. In message 828,visited network service provider 104-2 may deliver the network contentat the selected rate with a trusted differentiated services code pointmarking on guaranteed bit rate bandwidth reserved for access device 102.

In message 830, visited network service provider 104-2 may reportdelivery of the network content associated with the network accesstoken. In message 832, home network service provider 104-1 may associatethe selected channel, referenced by the network access token, with thenetwork content. Home network service provider 104-1 may not use anaccess network resource. However, the information of the selectedchannel the network content may be used for billing a user associatedwith access device 102.

FIG. 9 is a simplified illustration of a number of messages for newcontent on the selected channel between a user device, network serviceprovider, and content service provider in accordance with one exampleembodiment. Access device 102 may be connected to network serviceprovider 104 and a content service provider console 106, similarly as inFIG. 1. In this FIGURE, access device 102 may only have a subscriptionto network content on content service provider console 106.

In message 902, access device 102 may navigate a portal of contentservice provider console 106 and select network content to receivethrough service on demand. Content service provider console 106 maydetermine network service provider based on an Internet Protocol addressof access device 102. In message 904, content service provider console106 may request a network access token from network service provider104. Network service provider 104 may authorize service on demand,assign a selected channel to access device 102, and generate a networkaccess token. In message 906, network service provider 104 may providethe network access token for the selected channel to content serviceprovider console 106.

Content service provider console 106 may generate a contentauthorization token linked to the network access token, therebycombining the resources. Therefore, using the network content mayrequire the selected channel. In message 908, content service providerconsole 106 may redirect access device 102 to network service provider104 with the content authorization token for the network content. Inmessage 910, network service provider 104 may request a content accesstoken from content service provider console 106 using the second contentauthorization token. In message 912, content service provider console106 may provide the content access token for the network content. Thecontent access token may also contain the network access token to accessthe selected channel. Network service provider 104 may validate thenetwork access token, obtained from the second content access token, toallow use of the selected channel.

In message 914, network service provider 104 may request the networkcontent using the content access token. Content service provider console106 may validate the content access token to allow delivery of thenetwork content. In message 916, content service provider console 106delivers the network content to network service provider 104. If thenetwork content is already in a cache of network service provider 104,then network service provider 104 only checks to see if that the networkcontent is not stale and messages 914 and 916 may not occur.

Network service provider 104 may associate the selected channel,referenced by the network access token, with the network content.Network service provider 104 may also set the delivery rate for theselected channel in a content delivery network and provision thebandwidth for the selected channel in an access network. In message 918,network service provider 104 may redirect access device 102 to the cachewith the network content. In message 920, network service provider 104may deliver the network content at the selected rate with a trusteddifferentiated services code point marking on guaranteed bit ratebandwidth reserved for access device 102. In message 922, networkservice provider 104 may report delivery of the network contentassociated with the content access token to content service providerconsole 106.

FIGS. 10A and 10B are simplified illustrations of a number of messagesduring a service on demand session initiation in accordance with oneexample embodiment. Access device 102 may be connected to access network210, policy server 206, Internet streamer 212, service router 214, webserver 216, and content service provider console 106. In message 1002,access device 102 may navigate a portal for content network serviceprovider 104 through, for example, the Internet, and select service ondemand. In response to the selection, in message 1004, content serviceprovider console 106 redirects access device 102 to web server 216 forauthentication and authorization. An application-programming interface(API) of a network service provider may be invoked for service on demandauthorization.

Web server 216 may authenticate access device 102 and authorize theservice on demand, assigns a channel selected by access device 102, andgenerates a network authorization token associated with access device102. In message 1006, web server 216 redirects access device 102 tocontent service provider console 106 with the network authorizationtoken. In message 1008, content service provider console 106 may requesta network access token using the network authorization token. In message1010, web server 216 may provide the network access token. The API of anetwork service provider may be invoked for service on demandauthorization. The network access token may be associated with thebandwidth needed for access device 102. Messages 1002-1010 may onlyoccur when access device 102 accesses a content service provider for thefirst time.

In message 1012, access device 102 may navigate a portal of contentservice provider console 106 and select network content to receive onaccess device 102. Content service provider console 106 may generate acontent authorization token linked to the network access token, therebycombining the resources. In message 1014, content service providerconsole 106 may redirect access device 102 to service router 214 withthe content authorization token for the network content. In message1016, service router 214 may redirect access device 102 to Internetstreamer 212 for network content delivery with the content authorizationtoken.

In message 1018, Internet streamer 212 may request a content accesstoken using the content authorization token. In message 1020, contentservice provider console 106 may provide the content access token forthe network content. The content access token may also contain thenetwork access token to access the bandwidth for access device 102. TheAPI of a network service provider may be invoked for service on demandauthorization. In messages 1018-1020, the content authorization tokenmay be used as the content access token, but the network access tokenmay not be desirable to expose to a user of access device 102.

In message 1022, Internet streamer 212 may request validation of thenetwork access token, obtained from the content access token, from webserver 216. Web server 216 may validate the network access token,obtained from the content access token, to allow use of the bandwidthfor access device 102 for network content delivery by Internet streamer212. In message 1024, web server 216 may confirm the network accesstoken is valid. In message 1026, Internet streamer 212 may request thenetwork content using the content access token. Content service providerconsole 106 may validate the content access token to allow delivery ofthe network content. In message 1028, content service provider console106 delivers the network content to Internet streamer 212. If thenetwork content is already in a cache of Internet streamer 212, thenInternet streamer 212 only checks to see if that the network content isnot stale and messages 1026 and 1028 may not occur.

In message 1030, web server 216 may request the bandwidth allocation foraccess device 102 from policy server 206. Policy server 206 checks thebandwidth availability. In message 1032, policy server 206 may allocatethe bandwidth for access device 102 in access network 210. Accessnetwork 210 may provide bandwidth for access device 102 and set up atelecommunications service, such as a bearer service. In message 1034,access network 210 may acknowledge the bandwidth allocation to policyserver 206. In message 1036, policy server 206 may acknowledge thebandwidth allocation to web server 216. Messages 1030-1036 may onlyoccur if the bandwidth for access device 102 is not already in use.

In message 1038, Internet streamer 212 may deliver the network contentat an adaptive bit rate profile rate with appropriate differentiatedservices code point marking (DSCP). The network content may be deliveredat, for example, a high definition or standard definition, obtained fromthe content access token, with trusted DSCP marking on guaranteed bitrate bandwidth reserved for access device 102.

FIG. 11 is a simplified illustration of a number of messages during aservice on demand session Internet streamer switchover in accordancewith one example embodiment. Access device 102 may be connected toaccess network 210, policy server 206, Internet streamer 212-1, Internetstreamer 212-2, web server 216, and content service provider console106. In message 1102, Internet streamer 212-1 may deliver networkcontent at an adaptive bit rate profile rate with appropriate DSCPmarking. At some point during delivery, Internet streamer 212-1 may beunable to deliver further network content. In message 1104, accessdevice 102 may navigate a portal of content service provider console 106and select network content to receive on access device 102. The networkaccess token may have been persevered during the network contentdelivery session. Content service provider console 106 may generateanother content authorization token linked to the network access token,thereby combining the resources. In message 1106, content serviceprovider console 106 may redirect access device 102 to service router214 with the content authorization token for the network content. Inmessage 1108, service router 214 may redirect access device 102 toInternet streamer 212-2 for network content delivery with the contentauthorization token.

In message 1110, Internet streamer 212-2 may request a content accesstoken using the content authorization token. In message 1112, contentservice provider console 106 may provide the content access token forthe network content. The content access token may also contain thenetwork access token to access the bandwidth for access device 102. Inmessages 1110-1112, the content authorization token may be used as thecontent access token, but the network access token may not be desirableto expose to a user of access device 102.

In message 1114, Internet streamer 212-2 may request validation of thenetwork access token, obtained from the content access token, from webserver 216. Web server 216 may validate the network access token,obtained from the content access token, to allow use of the bandwidthfor access device 102 for network content delivery by Internet streamer212-2. In message 1116, web server 216 may confirm the network accesstoken is valid.

In message 1118, Internet streamer 212-2 may request the network contentusing the content access token. Content service provider console 106 mayvalidate the content access token to allow delivery of the networkcontent. In message 1120, content service provider console 106 deliversthe network content to Internet streamer 212-2. If the network contentis already in a cache of Internet streamer 212, then Internet streamer212 only checks to see if that the network content is not stale andmessages 1118 and 1120 may not occur. In message 1122, Internet streamer212-2 may deliver the network content at an adaptive bit rate profilerate with appropriate differentiated services code point marking (DSCP).

FIG. 12 is a simplified illustration of a number of messages during aservice on demand session termination in accordance with one exampleembodiment. Access device 102 may be connected to access network 210,policy server 206, Internet streamer 212, service router 214, web server216, and content service provider console 106. In message 1202, Internetstreamer 212 may have delivery of network content stopped to accessdevice 102. The network content may be stopped by access device 102,inactivity of the delivery session, a timer, an event, or some othersuitable reason. In message 1204, Internet streamer 212 may indicate toweb server 216 that the delivery session using the network access tokenhas been terminated. In message 1206, access device 102 may indicate toweb server 216 that the delivery session using the network access tokenhas been terminated. In message 1208, web server 216 may check whether alifetime of the network access token has expired. Messages 1204-1208 mayor may not occur in any combination of just one, two, or all three.Messages 1204-1208 may also occur in any order.

Web server 216 validates the network access token and identifies thatthe network access token can be associated with access device 102. Inmessage 1212, web server 216 may release the bandwidth allocated foraccess device 102. Then, policy server 206 may release the bandwidth. Inmessage 1214, policy server 206 indicates to access network 210 torelease the bandwidth for access device 102 in access network 210. Inresponse, access network 210 may release the bandwidth for access device102.

In message 1216, access network 210 may acknowledge the bandwidthrelease to policy server 206. In message 1218, policy server 206 mayacknowledge the release of bandwidth to web server 216. In message 1220,web server 216 may confirm the bandwidth release associated with thenetwork access token to Internet streamer 212.

In regards to the internal structure associated with CSoD system 100, inone particular embodiment, content service provider console 106 is anetwork element that can facilitate the video management activitiesdiscussed herein. As used herein in this Specification, the term‘network element’ is meant to encompass any of the aforementionedelements, as well as routers, switches, cable boxes, set-top boxes ofany kind, gateways, bridges, load balancers, firewalls, inline servicenodes, proxies, servers, processors, modules, or any other suitabledevice (e.g., handheld devices such as tablets, smartphones, etc.),component, element, proprietary appliance, or object operable toexchange information in a network environment. Any of the networkelements of FIG. 1 may include any suitable hardware, software,components, modules, interfaces, or objects that facilitate theoperations thereof. This may be inclusive of appropriate algorithms andcommunication protocols that allow for the effective exchange of data orinformation.

Additionally, it should be noted that each of content service providerconsole 106, network service provider 104, access network 210, policyserver 206, content delivery network 208, and access device 102 caninclude memory elements for storing information to be used in theoperations outlined herein. Each of content service provider console106, network service provider 104, access network 210, policy server206, content delivery network 208, and access device 102 may keepinformation in any suitable memory element (e.g., random access memory(RAM), read-only memory (ROM), erasable programmable ROM (EPROM),electrically erasable programmable ROM (EEPROM), application specificintegrated circuit (ASIC), etc.), software, hardware, or in any othersuitable component, device, element, or object where appropriate andbased on particular needs. Any of the memory items discussed hereinshould be construed as being encompassed within the broad term ‘memoryelement.’ The information being used, tracked, sent, or received bycontent service provider console 106, network service provider 104,access network 210, policy server 206, content delivery network 208, andaccess device 102 could be provided in any database, register, queue,table, cache, control list, or other storage structure, all of which canbe referenced at any suitable timeframe. Any such storage options may beincluded within the broad term ‘memory element’ as used herein.

In certain embodiments, the functions outlined herein may be implementedby logic encoded in one or more tangible media (e.g., embedded logicprovided in an ASIC, digital signal processor (DSP) instructions,software (potentially inclusive of object code and source code) to beexecuted by a processor, or other similar machine, etc.), which may beinclusive of non-transitory media. In some of these instances, memoryelements can store data used for the operations described herein. Thisincludes the memory elements being able to store software, logic, code,or processor instructions that are executed to carry out the activitiesdescribed herein.

In one embodiment, content service provider console 106, network serviceprovider 104, access network 210, policy server 206, content deliverynetwork 208, and access device 102 may include software modules toachieve, or to foster, operations as outlined herein. In otherembodiments, such operations may be carried out by hardware, implementedexternally to these elements, or included in some other network deviceto achieve the intended functionality. Alternatively, these elements mayinclude software (or reciprocating software) that can coordinate inorder to achieve the operations, as outlined herein. In still otherembodiments, one or all of these devices may include any suitablealgorithms, hardware, software, components, modules, interfaces, orobjects that facilitate the operations thereof.

Additionally, each of use content service provider console 106, networkservice provider 104, access network 210, policy server 206, contentdelivery network 208, and access device 102 may include a processor thatcan execute software or an algorithm to perform activities as discussedherein. A processor can execute any type of instructions associated withthe data to achieve the operations detailed herein. In one example, theprocessors could transform an element or an article (e.g., data) fromone state or thing to another state or thing. In another example, theactivities outlined herein may be implemented with fixed logic orprogrammable logic (e.g., software/computer instructions executed by aprocessor) and the elements identified herein could be some type of aprogrammable processor, programmable digital logic (e.g., a fieldprogrammable gate array (FPGA), an EPROM, an EEPROM) or an ASIC thatincludes digital logic, software, code, electronic instructions, or anysuitable combination thereof. Any of the potential processing elements,modules, and machines described herein should be construed as beingencompassed within the broad term ‘processor.’

Numerous other changes, substitutions, variations, alterations, andmodifications may be ascertained to one skilled in the art and it isintended that the present disclosure encompass all such changes,substitutions, variations, alterations, and modifications as fallingwithin the scope of the appended claims. In order to assist the UnitedStates Patent and Trademark Office (USPTO) and, additionally, anyreaders of any patent issued on this application in interpreting theclaims appended hereto, Applicant wishes to note that the Applicant: (a)does not intend any of the appended claims to invoke paragraph six (6)of 35 U.S.C. section 112 as it exists on the date of the filing hereofunless the words “means for” or “step for” are specifically used in theparticular claims; and (b) does not intend, by any statement in thespecification, to limit this disclosure in any way that is not otherwisereflected in the appended claims.

What is claimed is:
 1. A method, comprising: receiving a request for anetwork content delivery service from an access device; directing theaccess device to a network service provider for authentication for thenetwork content delivery service; receiving a network authorizationtoken from the access device, wherein the network authorization token isassociated with the access device; obtaining a network access token fromthe network service provider; and binding the network access token to acontent access token.
 2. The method of claim 1, wherein obtaining thenetwork access token from the network service provider comprises:requesting the network access token from the network service providerusing the network authorization token; and receiving the network accesstoken, wherein the network access token is associated with a networkresource for the access device.
 3. The method of claim 1, furthercomprising: receiving a request for network content from the accessdevice; generating a content authorization token; associating thecontent authorization token with the network access token; and providingthe content authorization token to the access device.
 4. The method ofclaim 3, further comprising: receiving the content authorization tokenfrom the network service provider; generating the content access token;and providing the content access token bound with the network accesstoken to the network service provider.
 5. The method of claim 4, furthercomprising: receiving the content access token from the network serviceprovider; validating the content access token; and providing the networkcontent to the network service provider.
 6. The method of claim 1,wherein the network resource reflects bandwidth allocation at aguaranteed bit rate.
 7. The method of claim 1, wherein the contentaccess token bound with the network access token comprises a contentprofile, an authorized bandwidth, and a content acquisition and deliverypolicy.
 8. The method of claim 7, wherein the content profile comprisesan adaptive bit rate profile and content metadata.
 9. A method,comprising: receiving a content authorization token from an accessdevice; and requesting a content access token from a content serviceprovider using the content authorization token; and receiving thecontent access token, wherein the content access token is bound to anetwork access token.
 10. The method of claim 9, wherein the contentaccess token bound with the network access token comprises a contentprofile an authorized bandwidth, and a content acquisition and deliverypolicy.
 11. The method of claim 10, wherein the content profilecomprises an adaptive bit rate profile and content metadata.
 12. Themethod of claim 9, further comprising: receiving a request for thenetwork access token from a content service provider, wherein thecontent service provider provides the network authorization token;generating a network access token; associating the network access tokenwith a network resource for the access device; and providing the networkaccess token to the content service provider.
 13. The method of claim12, wherein the network resource is bandwidth allocation at a guaranteedbit rate.
 14. The method of claim 13, further comprising: requesting thebandwidth allocation from a policy server.
 15. The method of claim 12,further comprising: providing the network content to the access deviceusing the network resource.
 16. The method of claim 15, furthercomprising: marking the network content using differentiated servicescode point.
 17. An apparatus for providing network content, comprising:a processor; a memory element; and an Internet streamer coupled to theprocessor and the memory element, wherein the apparatus is configuredto: receive a content authorization token from the access device;request a content access token from the content service provider usingthe content authorization token; and receive the content access token,wherein the content access token is bound to the network access token.18. The apparatus of claim 17, wherein the apparatus is furtherconfigured to: request network content from the content service providerusing the content access token; and receive the network content.
 19. Theapparatus of claim 17, further comprising: a policy server configuredto: receive a request for bandwidth allocation; determine if thebandwidth allocation is available; and allocate the bandwidth in anaccess network.
 20. A non-transitory tangible media encoding logic thatincludes instructions for execution and when executed by a processor, isoperable to perform operations comprising: receiving a request for anetwork content delivery service from an access device; directing theaccess device to a network service provider for authentication for thenetwork content delivery service; receiving a network authorizationtoken from the access device, wherein the network authorization token isassociated with the access device; obtaining a network access token fromthe network service provider; and binding the network access token to acontent access token.
 21. The media of claim 20, wherein obtaining thenetwork access token from the network service provider comprises:requesting the network access token from the network service providerusing the network authorization token; and receiving the network accesstoken, wherein the network access token is associated with a networkresource for the access device.
 22. The media of claim 20, theoperations further comprising: receiving a request for network contentfrom the access device; generating a content authorization token;associating the content authorization token with the network accesstoken; and providing the content authorization token to the accessdevice.
 23. The media of claim 20, the operations further comprising:receiving the content authorization token from the network serviceprovider; generating the content access token; and providing the contentaccess token bound with the network access token to the network serviceprovider.
 24. The media of claim 20, the operations further comprising:receiving the content access token from the network service provider;validating the content access token; and providing the network contentto the network service provider.
 25. The media of claim 20, wherein thenetwork resource reflects bandwidth allocation at a guaranteed bit rate.